General
- Target: from-iso_DHL.EXE1__.exe
- Size: 7KB
- Sample: 230213-sdxh4aea33
- MD5: 729cc4092956ba9a933a6066526df3fe
- SHA1: bb17e4520e65cf45def4ff881cc50b6771c83924
- SHA256: e4c9593c659bac746a293cc94552481a1089372820685f8807f03b8682a0c485
- SHA512: 5946955f2056f036a884b0da74457ba250729def0d7c6c298522e2e77fa8b922de24790f78c2eacd04c2f37935107ed425346ec1a3dbf9badc81955b52f2603b
- SSDEEP: 96:NBKkYCOAn1fkOKppNPm+SmLjtcROCRZBzlH+BxztpsJ2lkSVtdWZzNt:/wCOKf601mLJ2OCTNxCttpqSVGb
Static task: static1
Behavioral task: behavioral1 (Sample: from-iso_DHL.EXE1__.exe; Resource: win7-20221111-en)
Behavioral task: behavioral2 (Sample: from-iso_DHL.EXE1__.exe; Resource: win10v2004-20221111-en)
Malware Config
Extracted: netwire
- 212.193.30.230:3363
- activex_autorun: false
- copy_executable: false
- delete_original: false
- host_id: HostId-%Rand%
- keylogger_dir: %AppData%\Logs\
- lock_executable: false
- offline_keylogger: true
- password: Password@2
- registry_autorun: false
- use_mutex: false
Targets
- Target: from-iso_DHL.EXE1__.exe
- Size: 7KB
- MD5: 729cc4092956ba9a933a6066526df3fe
- SHA1: bb17e4520e65cf45def4ff881cc50b6771c83924
- SHA256: e4c9593c659bac746a293cc94552481a1089372820685f8807f03b8682a0c485
- SHA512: 5946955f2056f036a884b0da74457ba250729def0d7c6c298522e2e77fa8b922de24790f78c2eacd04c2f37935107ed425346ec1a3dbf9badc81955b52f2603b
- SSDEEP: 96:NBKkYCOAn1fkOKppNPm+SmLjtcROCRZBzlH+BxztpsJ2lkSVtdWZzNt:/wCOKf601mLJ2OCTNxCttpqSVGb
Score: 10/10
- NetWire RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext